Apparatus and Method for Utilizing Fourier Transforms to Characterize Network Traffic

1. A machine, comprising: a processor; and a memory connected to the processor, the memory storing instructions executed by the processor to: collect packet based network traffic timing data into an array; form a histogram by binning the array into individual bins representing units of time; produce a Fourier signature from the packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed; associate the Fourier signature with a known pattern associated with a dangerous application or user; add the Fourier signature to a Fourier signature library comprising previously produced Fourier signatures associated with dangerous applications or users; collect new packet based network traffic timing data into a new array; form a histogram by binning the new array into individual bins representing units of time; produce a new Fourier signature from the new packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed; compare the new Fourier signature with the Fourier signature of the Fourier signature library to selectively identify a Fourier signature match; associate the new network traffic data with the known pattern upon the Fourier signature match: and take computer security prophylactic actions against the dangerous application or user in response to the Fourier signature match.

2. The machine of claim 1 wherein the packet based network traffic timing data is selected from a packet transmit time, a packet flow start time, a packet flow end time, and a packet flow duration time.

3. The machine of claim 1 wherein the Fourier signature has a frequency spectrum indicative of network packet traffic.

4. The machine of claim 3 wherein the memory stores instructions executed by the processor to compute the mean and standard deviation of frequency modes present in the frequency spectrum to identify signal outliers.

5. The machine of claim 3 wherein the memory stores instructions executed by the processor to identify clustered frequencies in the frequency spectrum.

6. The machine of claim 3 wherein the memory stores instructions executed by the processor to identify cluster peaks in the frequency spectrum.

7. The machine of claim 1 wherein the memory stores instructions executed by the processor to perform a correlation test between the new Fourier signature and the Fourier signature.

8. The machine of claim 1 wherein the memory stores instructions executed by the processor to log the new Fourier signature for further evaluation upon failure to identify a match.